Lucene search
K

5401 matches found

Tenable Nessus
Tenable Nessus
added 2023/07/06 12:0 a.m.50 views

SUSE SLES15: libprotobuf-lite20 / python2-cryptography / python2-psutil / etc (SUSE-SU-2023:2783-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. grpc: - Update in SLE-15 bsc1197726, bsc1144068 protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941,...

9.1CVSS6.8AI score0.06718EPSS
Exploits3References29
ATTACKERKB
ATTACKERKB
added 2023/07/05 8:15 p.m.4 views

CVE-2023-36622

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...

7.2CVSS7.3AI score0.01023EPSS
Exploits1References3
NVD
NVD
added 2023/07/05 8:15 p.m.17 views

CVE-2023-36622

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...

7.2CVSS6.9AI score0.01023EPSS
Exploits1References2
OSV
OSV
added 2023/07/05 8:15 p.m.3 views

CVE-2023-36622

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...

7.2CVSS5.9AI score0.01023EPSS
Exploits1References2
Prion
Prion
added 2023/07/05 8:15 p.m.19 views

Design/Logic Flaw

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...

5.8CVSS6.8AI score0.01023EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/07/05 12:0 a.m.4 views

Loxone Miniserver 操作系统命令注入漏洞

Loxone Miniserver is a server from Loxone, Inc. that automates equipment in buildings, houses, and homes to provide energy management, monitoring, and other functions. A security vulnerability exists in Loxone Miniserver Go Gen.2 versions prior to 14.1.5.9, which stems from a websocket...

7.2CVSS7.4AI score0.01023EPSS
Exploits1References3
CVE
CVE
added 2023/07/05 12:0 a.m.2485 views

CVE-2023-36622

The affected product is Loxone Miniserver Go Gen.2 (prior to 14.1.5.9). The vulnerability is a command-injection flaw in the websocket configuration endpoint, where remote authenticated administrators can inject arbitrary OS commands via the timezone parameter. This impacts confidentiality, integ...

7.2CVSS6.8AI score0.01023EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/23 2:15 a.m.4 views

CVE-2023-36192

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capturewscheckpacket at /src/capture.c...

7.8CVSS7.4AI score0.00308EPSS
Exploits1References2
OSV
OSV
added 2023/06/13 9:15 p.m.3 views

CVE-2023-2639

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.7CVSS5.8AI score0.00384EPSS
Exploits0References1
NVD
NVD
added 2023/06/13 9:15 p.m.15 views

CVE-2023-2639

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.7CVSS4.9AI score0.00384EPSS
Exploits0References1
Prion
Prion
added 2023/06/13 9:15 p.m.22 views

Design/Logic Flaw

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.3CVSS5.6AI score0.00384EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/06/13 8:28 p.m.18 views

CVE-2023-2639 Rockwell Automation FactoryTalk System Services Vulnerable to Sensitive Information Disclosure

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.1CVSS5AI score0.00384EPSS
Exploits0References1
NVD
NVD
added 2023/06/02 5:15 p.m.17 views

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5CVSS6.7AI score0.00601EPSS
Exploits0References4
OSV
OSV
added 2023/06/02 5:15 p.m.8 views

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5CVSS7AI score
Exploits0References4
OSV
OSV
added 2023/06/02 5:15 p.m.2 views

DEBIAN-CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5CVSS6.7AI score0.00601EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.16 views

CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.9AI score0.00601EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.5 views

CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

7.7AI score0.00601EPSS
Exploits0References4
CVE
CVE
added 2023/06/02 12:0 a.m.294 views

CVE-2023-23602

CVE-2023-23602 describes a mishandled security check when creating a WebSocket in a WebWorker, causing the Content Security Policy connect-src header to be ignored. Affected products in the provided sources include Firefox (versions before 109), Firefox ESR (before 102.7), and Thunderbird (before...

6.5CVSS6.6AI score0.00601EPSS
Exploits0References4Affected Software3
AlpineLinux
AlpineLinux
added 2023/06/02 12:0 a.m.18 views

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5CVSS6.9AI score0.00601EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/06/02 12:0 a.m.35 views

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5CVSS6.9AI score0.00601EPSS
Exploits0
Rows per page
Query Builder